Could he have merely reported it? Yes. He published the app to prove the vulnerability instead, which shows Apple just how serious and pervasive this problem could be for them. There is no indication whatsoever that he intended nor used his app in malicious way, it was merely proof of concept for the vulnerability.…